OIN - Use subject serialnumber for identifying organizations instead of the organization name
Currently NLX uses the `Organization` field in the SSL certificate as the primary identifier of an organization. To use APIs on the NLX network, the primary identifier needs to be included in the URL, which is error-prone. To fix this, NLX would like to use the `SerialNumber` of the certificate as the primary identifier.
### Reasons to move from organization name to OIN:
- including an organization name when performing a request is error-prone (spaces, etc.)
- using OIN, we can use auto-complete for orders (right now we don't have a complete list of all organizations in the directory; if we used the COR API, we would have a list of all possible organizations by OIN).
### Consequences:
- NLX can only be used in The Netherlands, since the OIN is specific to the Dutch government

URL to a service with our current implementation:
`http://gemeente-stijns-nlx-outway/Gemeente%20Stijns/parkeerrechten`

URL to a service based on serialnumber:
`http://gemeente-stijns-nlx-outway/00000000000000000123/parkeerrechten`
**Code base**
Cert-Portal
* Include a unique subject serial number in signed certificates
Demo organizations
* update our demo setup to use serial numbers instead of organization name
Directory-DB
* add serialnumber to organization table
Directory-inspection-api
* return serialnumber in list services call
Directory-registration-api
* store serialnumber in register service call
Directory-ui
* display serialnumber
* add serialnumber to auditlogs
Inway
* store serialnumber in TX log
* the check if there is an access grant for an organization should happen on serialnumber instead of organizationname
* the check if a received claim is owned by the sender should happen on serialnumber instead of organizationname
Management-api
* add serialnumber to access_requests_incoming
* add serialnumber to access_requests_outgoing
* use serialnumber as organization identifier in access grants
* use serialnumber as delegatee in orders
* use serialnumber in order_services
Management-ui
* display serialnumber of your own organization
* display serialnumber in directory view
* inputfield for serialnumber when creating an order
* use serialnumber to create an access request
NLX-CTL
* use serialnumber to create an access request
Outway
* parse serialnumber from url
* use serialnumber as identifier in the hashmap for services
* store serialnumber in TX log
* use serialnumber to retrieve order token instead of organization name
* use serialnumber as identifier in the hashmap for delegation claims
Txlog-db
* add destination serialnumber
* add source serialnumber
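
The Outway and Inway items above, sketched as an added example (not code from the NLX code base): the Outway parses the serial number from the new URL scheme, and the Inway looks up the access grant by the peer certificate's subject serial number rather than by organization name. The function and type names, the 20-digit format check, the `/v1/permits` suffix and the consumer serial number `00000000000000000456` are assumptions made for illustration.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"regexp"
	"strings"
)

// Assumption: serial numbers are exactly 20 digits, like the value in the example URL.
var serialRe = regexp.MustCompile(`^[0-9]{20}$`)

// ParseOutwayPath splits "/<serialnumber>/<service>/<rest>" and rejects anything
// that is not a well-formed serial number, e.g. an old organization-name URL.
func ParseOutwayPath(p string) (serial, service, rest string, err error) {
	parts := strings.SplitN(strings.TrimPrefix(p, "/"), "/", 3)
	if len(parts) < 2 || parts[1] == "" {
		return "", "", "", fmt.Errorf("expected /<serialnumber>/<service>, got %q", p)
	}
	if !serialRe.MatchString(parts[0]) {
		return "", "", "", fmt.Errorf("invalid serial number %q", parts[0])
	}
	if len(parts) == 3 {
		rest = parts[2]
	}
	return parts[0], parts[1], rest, nil
}

// grantKey (hypothetical) identifies an access grant by consumer serial number and service.
type grantKey struct{ serial, service string }

// HasAccessGrant is the Inway-side check: the key comes from the verified peer
// certificate's subject serial number; the organization name is never consulted.
func HasAccessGrant(grants map[grantKey]bool, peer *x509.Certificate, service string) bool {
	sn := peer.Subject.SerialNumber
	return serialRe.MatchString(sn) && grants[grantKey{sn, service}]
}

// samplePeer builds a constructed certificate carrying only the subject fields used here.
func samplePeer(org, serial string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{Organization: []string{org}, SerialNumber: serial}}
}

func main() {
	fmt.Println(ParseOutwayPath("/00000000000000000123/parkeerrechten/v1/permits"))
	grants := map[grantKey]bool{{"00000000000000000456", "parkeerrechten"}: true} // constructed grant
	fmt.Println(HasAccessGrant(grants, samplePeer("Any Name", "00000000000000000456"), "parkeerrechten"),
		HasAccessGrant(grants, samplePeer("Gemeente Stijns", "00000000000000000999"), "parkeerrechten"))
}
```

A certificate that reuses a known organization name but carries a different serial number gets no grant, and a renamed organization keeps its grant as long as the serial number is unchanged.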
**Docs**
Request a demo certificate
* describe that the serialnumber is used by NLX as the organization identifier
Provide an API
* update URLs used in `Quering your own API's` section
Request a production certificate
* describe that the serialnumber is used by NLX as the organization identifier
**Communication**
1. Every organisation needs to update the NLX components to the latest version
1. Every organisation on demo needs to request a new certificate
1. Every organisation should delete their access requests, orders from the management-api database
1. Every organisation should re-request access to services
1. Every organisation should re-create their orders
1. Every organisation on demo needs to change the URL for all requests made through an outway to a specific service
**Work flow**
These things can be done in parallel
* Certportal 2 points
* Directory UI 2 points
* Management UI 2 points
* Add relevant tests to the management API 5 points
* Add relevant tests to the inspection API 5 points
=================================
* Directory Registration API 5 points
* Directory Inspection API + Management API + Inway + Outway 13 points
* Docs 2 points
**Questions**
We need to know if the only organization on prod has used access requests and/or the transaction log. If this is the case, we need to make a migration plan; if not, we do not have to migrate. @evangelderen has asked this question and we are waiting on a response.